////////////////////////////////////////////////////////////////////////
//
//     Copyright (c) 2009-2013 Denim Group, Ltd.
//
//     The contents of this file are subject to the Mozilla Public License
//     Version 2.0 (the "License"); you may not use this file except in
//     compliance with the License. You may obtain a copy of the License at
//     http://www.mozilla.org/MPL/
//
//     Software distributed under the License is distributed on an "AS IS"
//     basis, WITHOUT WARRANTY OF ANY KIND, either express or implied. See the
//     License for the specific language governing rights and limitations
//     under the License.
//
//     The Original Code is ThreadFix.
//
//     The Initial Developer of the Original Code is Denim Group, Ltd.
//     Portions created by Denim Group, Ltd. are Copyright (C)
//     Denim Group, Ltd. All Rights Reserved.
//
//     Contributor(s): Denim Group, Ltd.
//
////////////////////////////////////////////////////////////////////////
package com.denimgroup.threadfix.data.entities;

import java.util.List;

import javax.persistence.CascadeType;
import javax.persistence.Column;
import javax.persistence.Entity;
import javax.persistence.OneToMany;
import javax.persistence.Table;
import javax.validation.constraints.Size;

import org.codehaus.jackson.annotate.JsonIgnore;
import org.hibernate.validator.constraints.NotEmpty;

@Entity
@Table(name = "GenericVulnerability")
public class GenericVulnerability extends BaseEntity {

	private static final long serialVersionUID = 3931635865592335935L;

	public static final String CWE_XPATH_INJECTION = "Improper Neutralization of Data within XPath Expressions ('XPath Injection')";
	public static final String CWE_BLIND_XPATH_INJECTION = "XML Injection (aka Blind XPath Injection)";
	public static final String CWE_CROSS_SITE_SCRIPTING = "Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting')";
	public static final String CWE_SQL_INJECTION = "Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection')";
	public static final String CWE_HTTP_RESPONSE_SPLITTING = "Improper Neutralization of CRLF Sequences in HTTP Headers ('HTTP Response Splitting')";
	public static final String CWE_PATH_TRAVERSAL = "Improper Limitation of a Pathname to a Restricted Directory ('Path Traversal')";
	public static final String CWE_DIRECT_REQUEST = "Direct Request ('Forced Browsing')";
	public static final String CWE_DIRECTORY_INDEXING = "Information Exposure Through Directory Listing";
	public static final String CWE_LDAP_INJECTION = "Improper Neutralization of Special Elements used in an LDAP Query ('LDAP Injection')";
	public static final String CWE_FORMAT_STRING_INJECTION = "Uncontrolled Format String";
	public static final String CWE_OS_COMMAND_INJECTION = "Improper Neutralization of Special Elements used in an OS Command ('OS Command Injection')";
	public static final String CWE_EVAL_INJECTION = "Improper Neutralization of Directives in Dynamically Evaluated Code ('Eval Injection')";
	public static final String CWE_CROSS_SITE_REQUEST_FORGERY = "Cross-Site Request Forgery (CSRF)";
	public static final String CWE_FILE_UPLOAD = "Unrestricted Upload of File with Dangerous Type";
	public static final String CWE_INFORMATION_EXPOSURE = "Information Exposure";
	public static final String CWE_PRIVACY_VIOLATION = "Privacy Violation";
	public static final String CWE_DEBUG_CODE = "Leftover Debug Code";
	public static final String CWE_GENERIC_INJECTION = "Improper Neutralization of Special Elements in Output Used by a Downstream Component ('Injection')";
	
	@NotEmpty(message = "{errors.required}")
	@Size(max = 100, message = "{errors.maxlength}")
	private String name;

	private List<Vulnerability> vulnerabilities;
	private List<VulnerabilityMap> vulnerabilityMaps;

	@Column(length = 100, nullable = false)
	public String getName() {
		return name;
	}

	public void setName(String name) {
		this.name = name;
	}

	@OneToMany(mappedBy = "genericVulnerability", cascade = CascadeType.ALL)
	@JsonIgnore
	public List<Vulnerability> getVulnerabilities() {
		return vulnerabilities;
	}

	public void setVulnerabilities(List<Vulnerability> vulnerabilities) {
		this.vulnerabilities = vulnerabilities;
	}

	@OneToMany(mappedBy = "genericVulnerability")
	@JsonIgnore
	public List<VulnerabilityMap> getVulnerabilityMaps() {
		return vulnerabilityMaps;
	}

	public void setVulnerabilityMaps(List<VulnerabilityMap> vulnerabilityMaps) {
		this.vulnerabilityMaps = vulnerabilityMaps;
	}

}
